<?php
require_once("models/config.php");

//Prevent the user visiting the logged in page if he/she is already logged in
if (isUserLoggedIn()) {
    header("Location: account.php");
    die;
}
?>
<?php
/*
  Below is a very simple example of how to process a login request.
  Some simple validation (ideally more is needed).
 */

//Forms posted
if (!empty($_POST)) {
    $errors = array();
    $username = trim($_POST["username"]);
    $password = trim($_POST["password"]);

    //Perform some validation
    //Feel free to edit / change as required
    if ($username == "") {
        $errors[] = "Username is required.";
    }
    if ($password == "") {
        $errors[] = "Password is required";
    }

    //End data validation
    if (count($errors) == 0) {
        //A security note here, never tell the user which credential was incorrect
        if (!usernameExists($username)) {
            $errors[] = "Username or password is invalid";
        } else {
            $userdetails = fetchUserDetails($username);

            //See if the user's account is activation
            if ($userdetails["active"] == 0) {
                $errors[] = "Your account is not active. Check your emails / spam folder to find your account activation instructions.";
            } else {
                //Hash the password and use the salt from the database to compare the password.
                $entered_pass = generateHash($password, $userdetails["password"]);

                if ($entered_pass != $userdetails["password"]) {
                    //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
                    $errors[] = "Username or password is invalid";
                } else {
                    //Passwords match! we're good to go'
                    //Construct a new logged in user object
                    //Transfer some db data to the session
                    $loggedInUser = new loggedInUser();
                    $loggedInUser->email = $userdetails["email"];
                    $loggedInUser->user_id = $userdetails["user_id"];
                    $loggedInUser->hash_pw = $userdetails["password"];
                    $loggedInUser->display_username = $userdetails["username"];
                    $loggedInUser->clean_username = $userdetails["username_clean"];

                    //Update last sign in
                    $loggedInUser->updateLastSignIn();

                    $_SESSION["userCakeUser"] = $loggedInUser;

                    //Redirect to user account page
                    header("Location: account.php");
                    die;
                }
            }
        }
    }
}
?>

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Login</title>
        <link href="cakestyle.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
        <div id="wrapper">
            <div id="logo"></div>
            <?php
            if (!empty($_POST) && count($errors) > 0) {
                $list = "";
                foreach ($errors as $issue)
                    $list.="<li>" . $issue . "</li>";
                ?> 

                <div id="errors">
                    <ol> 
                        <?php echo $list; ?>
                    </ol>
                </div>

            <?php } ?>

            <div id="regbox">
                <form name="newUser" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">

                    <label for="user">Username:</label> <input type="text" name="username" /><br />
                    <label for="pass">Password:</label> <input type="password" name="password" /><br />

                    <input type="submit" value="Login" class="submit" />

                </form>

            </div>

            <div style="text-align:center; padding-top:15px;">
                <a href="index.php">Home</a> | <a href="login.php">Login</a> | <a href="forgot-password.php">Forgot Password</a> | <a href="register.php">Register</a><br />
                <a href="resend-activation.php">Resend Activation Email</a>
            </div>

        </div>
    </body>
</html>

<?php include("models/clean_up.php"); ?>
